Total: 5 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59361 | 1 Chaos-mesh | 1 Chaos Mesh | 2025-10-14 | N/A | 9.8 CRITICAL |
| The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster. | |||||
| CVE-2025-59360 | 1 Chaos-mesh | 1 Chaos Mesh | 2025-10-14 | N/A | 9.8 CRITICAL |
| The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster. | |||||
| CVE-2025-59359 | 1 Chaos-mesh | 1 Chaos Mesh | 2025-10-14 | N/A | 9.8 CRITICAL |
| The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster. | |||||
| CVE-2025-59358 | 1 Chaos-mesh | 1 Chaos Mesh | 2025-10-14 | N/A | 7.5 HIGH |
| The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service. | |||||
| CVE-2024-36538 | 1 Chaos-mesh | 1 Chaos Mesh | 2025-10-14 | N/A | 8.8 HIGH |
| Insecure permissions in chaos-mesh v2.6.3 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. | |||||
